From 509f45656171f9aa4fc3398c9a2a2022da11faf8 Mon Sep 17 00:00:00 2001
From: Martin Fischer
Date: Sun, 9 Mar 2025 18:52:38 +0100
Subject: refactor: rename lib.nix to helpers.nix
To avoid confusion with nixpkgs.lib.
---
nixos/helpers.nix | 32 ++++++++++++++++++++++++++++++++
nixos/hosts/ev/torrent.nix | 6 +++---
nixos/lib.nix | 32 --------------------------------
nixos/shared/vpn.nix | 2 +-
4 files changed, 36 insertions(+), 36 deletions(-)
create mode 100644 nixos/helpers.nix
delete mode 100644 nixos/lib.nix
diff --git a/nixos/helpers.nix b/nixos/helpers.nix
new file mode 100644
index 0000000..7880cc7
--- /dev/null
+++ b/nixos/helpers.nix
@@ -0,0 +1,32 @@
+let
+ nixpkgs = import {};
+in
+{
+ joinWgNamespace = ns: cfg:
+ nixpkgs.lib.attrsets.recursiveUpdate cfg {
+ bindsTo = ["netns@${ns}.service"];
+ after = ["wireguard-wg-${ns}.service"];
+ unitConfig.JoinsNamespaceOf = "netns@${ns}.service";
+ serviceConfig.NetworkNamespacePath = "/var/run/netns/${ns}";
+ };
+
+ mkPortProxy = service: ns: port: {
+ description = "Forward to ${service} in network namespace ${ns}";
+ requires = ["${service}.service"];
+ after = ["${service}.service"];
+ partOf = ["${service}.service"];
+ serviceConfig = {
+ Restart = "on-failure";
+ TimeoutStopSec = 300;
+ };
+ wantedBy = ["multi-user.target"];
+ script =
+ let
+ pkgs = nixpkgs.pkgs;
+ in
+ ''
+ ${pkgs.iproute2}/bin/ip netns exec ${ns} ${pkgs.iproute2}/bin/ip link set dev lo up
+ ${pkgs.socat}/bin/socat tcp-listen:${toString port},fork,reuseaddr exec:'${pkgs.iproute2}/bin/ip netns exec ${ns} ${pkgs.socat}/bin/socat STDIO "tcp-connect:localhost:${toString port}"',nofork
+ '';
+ };
+}
diff --git a/nixos/hosts/ev/torrent.nix b/nixos/hosts/ev/torrent.nix
index 93a7b43..7b7cbdb 100644
--- a/nixos/hosts/ev/torrent.nix
+++ b/nixos/hosts/ev/torrent.nix
@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 let
- mylib = import ;
+ helpers = import ;
 cfg = config.torrent;
 in
 {
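Review bot: In nixos/helpers.nix, the `script` of `mkPortProxy` starts socat with `tcp-listen:${toString port},fork,reuseaddr` and no `bind=` option, so the forwarder accepts connections on every address of the host, not only loopback. For the qbittorrent WebUI, whose service is otherwise confined to the WireGuard namespace, that makes the UI reachable from any network the host is attached to unless a firewall rule outside this patch blocks the port. If only local access is intended, `tcp-listen:${toString port},bind=127.0.0.1,fork,reuseaddr` would limit it; if the wider exposure is deliberate, a comment above `script` saying so would help. The code is moved unchanged from lib.nix, so this is pre-existing behaviour that the rename carries over.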
@@ -27,7 +27,7 @@ in
 systemd = {
 packages = [pkgs.qbittorrent-nox];
- services."qbittorrent" = mylib.joinWgNamespace cfg.networkNamespace {
+ services."qbittorrent" = helpers.joinWgNamespace cfg.networkNamespace {
 enable = true;
 path = [pkgs.qbittorrent-nox];
 serviceConfig = {
@@ -37,7 +37,7 @@ in
 wantedBy = ["multi-user.target"];
 };
- services.qbittorrent-webui-proxy = mylib.mkPortProxy "qbittorrent" cfg.networkNamespace cfg.qbittorrentWebUiPort;
+ services.qbittorrent-webui-proxy = helpers.mkPortProxy "qbittorrent" cfg.networkNamespace cfg.qbittorrentWebUiPort;
 };
 };
 }
diff --git a/nixos/lib.nix b/nixos/lib.nix
deleted file mode 100644
index 7880cc7..0000000
--- a/nixos/lib.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-let
- nixpkgs = import {};
-in
-{
- joinWgNamespace = ns: cfg:
- nixpkgs.lib.attrsets.recursiveUpdate cfg {
- bindsTo = ["netns@${ns}.service"];
- after = ["wireguard-wg-${ns}.service"];
- unitConfig.JoinsNamespaceOf = "netns@${ns}.service";
- serviceConfig.NetworkNamespacePath = "/var/run/netns/${ns}";
- };
-
- mkPortProxy = service: ns: port: {
- description = "Forward to ${service} in network namespace ${ns}";
- requires = ["${service}.service"];
- after = ["${service}.service"];
- partOf = ["${service}.service"];
- serviceConfig = {
- Restart = "on-failure";
- TimeoutStopSec = 300;
- };
- wantedBy = ["multi-user.target"];
- script =
- let
- pkgs = nixpkgs.pkgs;
- in
- ''
- ${pkgs.iproute2}/bin/ip netns exec ${ns} ${pkgs.iproute2}/bin/ip link set dev lo up
- ${pkgs.socat}/bin/socat tcp-listen:${toString port},fork,reuseaddr exec:'${pkgs.iproute2}/bin/ip netns exec ${ns} ${pkgs.socat}/bin/socat STDIO "tcp-connect:localhost:${toString port}"',nofork
- '';
- };
-}
diff --git a/nixos/shared/vpn.nix b/nixos/shared/vpn.nix
index 44a4f2c..59fb225 100644
--- a/nixos/shared/vpn.nix
+++ b/nixos/shared/vpn.nix
@@ -7,7 +7,7 @@
 # We're creating the wireguard interfaces in network namespaces so that
 # we can use them on demand:
 # * for a command by prefixing it with `sudo ip netns exec `
- # * for a systemd service by passing its config to joinWgNamespace from lib.nix
+ # * for a systemd service by passing its config to joinWgNamespace from helpers.nix
 networking.wireguard = {
 enable = true;
--
cgit v1.2.3